MLAG and Vxlan mixing.

I've been trying to figure out what makes MLAG implementation in a vxlan environment different from other more 'regular vlan' implementations. The user guide suggests that the isc link gets turned into an ospf routed link, but it doesn't go into detail on how this impacts the rest of the mlag setup.

I've gotten this far with my configuration so far. It's working for traffic to and from vmware-hosts; however, when connecting to other existing l2 environments, strange things seem to happen with broadcast packets, and a switch-loop like scenario seems to appear.

I'm at wit's end on what the correct implementation of mlag and vxlan is supposed to be. I'm attaching the configuration I've done so far in hopes more experienced minds can figure out what I'm missing.

The configuration example omits ospf information, since I have done no such configuration in regards to mlag.

# Setting the same IP on both switches ensures both identify as the same
# vxlan endpoint
# Mlag peer creation:
# Both:
enable sharing 1 grouping 1 algorithm address-based L2 lacp
# Left:
create vlan "ISC"
configure vlan ISC tag 4000
configure vlan ISC add ports 117 untagged
configure vlan ISC ipaddress 10.0.0.0 255.255.255.254
configure mlag ports convergence-control fast
create mlag peer "right"
configure mlag peer "right" ipaddress 10.0.0.1 vr VR-Default
enable mlag port 1 peer "right" id 1
# Right:
create vlan "ISC"
configure vlan ISC tag 4000
configure vlan ISC add ports 117 untagged
configure vlan ISC ipaddress 10.0.0.1 255.255.255.254
configure mlag ports convergence-control fast
create mlag peer "left"
configure mlag peer "left" ipaddress 10.0.0.0 vr VR-Default
enable mlag port 1 peer "left" id 1
# vxlan related config:
create vlan loopback
enable loopback-mode loopback
configure vlan loopback ipaddress 192.168.0.0 255.255.255.255
create vlan mlag-test
disable igmp snooping vlan "mlag-test"
configure vlan mlag-test tag 1000
configure vlan mlag-test add ports 1,117 tagged
create virtual-network "vni10001" flooding standard
configure virtual-network "vni10001" vxlan vni 10001
configure virtual-network "vni10001" add vlan mlag-test
configure virtual-network local-endpoint 192.168.0.0

OSPF router-ID and local address is configured as a secondary-IP on the vlan loopback. This is to keep the number of OSPF interfaces down so we can still keep under the limit imposed on the Advanced Edge licence.

Linus Lindblad

Posted 1 year ago


Grosjean, Stephane, Employee

For the OSPF underlay part you miss:

create vlan routed-isc tag 11
config routed-isc add port 117 tagged
config routed-isc ipaddress 10.0.0.15/31
config ospf add routed-isc area 0.0.0.0 link-type point-to-point

For VXLAN I recommend using a dedicated virtual LTEP:

create vlan vltep
enable loopback-mode vltep
config vltep ipaddress 172.16.0.1/32
enable ipforwarding vltep
config ospf add vltep area 0.0.0.0 passive
config virtual-network local-endpoint ipaddress 172.16.0.1

Bin, Employee

Hello Linus

There is one configuration example that shows how to configure MLAG with VXLAN.
http://documentation.extremenetworks.com/exos_22.1/exos_21_1/vxlan/C_configuration_example_for_mlag....

Best regards,

Linus Lindblad

Unfortunately the suggested configuration would push me over the 4-ospf device limit imposed on the Advanced Edge license. I already have two OSPF links to the l3 layer on each switch, and one loopback-vlan for local routerID configuration.

Adding a routed-isc vlan would set me at 4 total OSPF devices, but a dedicated vltep vlan makes 5. Can I combine the vltep vlan with an ospf routerid as a secondary-IP, or will things break horribly?

I'm also a bit curious as to how this changes the underlying configuration of the mlag tenant VLANs: do these still need to be added to the isc port in a tagged manner? And what does the route-isc link provide?

Grosjean, Stephane, Employee

I'd add the loopback as a passive interface.

Grosjean, Stephane, Employee

Sorry, I missed the question at the end. You still have to configure a proper MLAG for the tenant VLANs, no change on that. What you are adding is a second loopback that will be common between the two peers and used as the Local VTEP address (so same address on both peers), plus a routed link between the two (a vlan on the same physical path as the ISC), in OSPF as well. I personally prefer to use p2p links everywhere (and loopback as passive). OSPF router-id is different on each MLAG peer, using another loopback interface (also a passive interface in OSPF). You'll see traffic on that routed-isc link, and depending on the design you may have to configure a higher metric for that link (that's more a backup link than something else). You have to configure that routed-isc link.

MLAG with VXLAN:
- do not use MLAG alternate IP
- do not use the W MLAG (2 ISC feature)
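
An added example, not part of the thread and not vendor code: a Python check of the points made in the answers above (one local VTEP address shared by both peers, the VTEP loopback passive in OSPF, a routed OSPF VLAN between the peers, and the 4-interface OSPF limit as described in this thread). The function names, the sample text and the left peer's 10.0.0.14 address are assumptions; only the command forms quoted in this thread are parsed.

```python
import ipaddress
import re

MAX_ACTIVE_OSPF = 4  # non-passive OSPF interface limit quoted in the thread

def parse(cfg):
    """Collect VLAN addresses, OSPF interfaces and the local VTEP from config text."""
    facts = {"vtep": None, "ospf": {}, "ip": {}}
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"config\w*\s+virtual-network\s+local-endpoint\s+ipaddress\s+(\S+)", line):
            facts["vtep"] = m.group(1)
        elif m := re.match(r"config\w*\s+ospf\s+add\s+(?:vlan\s+)?(\S+)\s+area\s+\S+\s*(.*)", line):
            facts["ospf"][m.group(1)] = m.group(2)  # trailing options, e.g. "passive"
        elif m := re.match(r"config\w*\s+(?:vlan\s+)?(\S+)\s+ipaddress\s+(\S+)(?:\s+(\S+))?", line):
            addr = m.group(2) + ("/" + m.group(3) if m.group(3) else "")
            facts["ip"][m.group(1)] = ipaddress.ip_interface(addr)
    return facts

def active(facts):
    return {v for v, opts in facts["ospf"].items() if "passive" not in opts}

def check_pair(left_cfg, right_cfg):
    """Return findings for an MLAG pair; an empty list means no finding."""
    l, r = parse(left_cfg), parse(right_cfg)
    issues = []
    if not l["vtep"] or l["vtep"] != r["vtep"]:
        issues.append("local VTEP address must be identical on both peers")
    for name, f in (("left", l), ("right", r)):
        owners = [v for v, i in f["ip"].items() if str(i.ip) == f["vtep"]]
        if not any("passive" in f["ospf"].get(v, "") for v in owners):
            issues.append(f"{name}: VTEP loopback is not a passive OSPF interface")
        if len(active(f)) > MAX_ACTIVE_OSPF:
            issues.append(f"{name}: more than {MAX_ACTIVE_OSPF} non-passive OSPF interfaces")
    routed = [v for v in active(l) & active(r) if v in l["ip"] and v in r["ip"]
              and l["ip"][v].network == r["ip"][v].network and l["ip"][v].ip != r["ip"][v].ip]
    if not routed:
        issues.append("no routed OSPF VLAN connects the two peers")
    return issues

# Constructed sample built from the answer's commands; 10.0.0.14 on the left is assumed.
RIGHT = """config routed-isc ipaddress 10.0.0.15/31
config ospf add routed-isc area 0.0.0.0 link-type point-to-point
config vltep ipaddress 172.16.0.1/32
config ospf add vltep area 0.0.0.0 passive
config virtual-network local-endpoint ipaddress 172.16.0.1"""
LEFT = RIGHT.replace("10.0.0.15", "10.0.0.14")

if __name__ == "__main__":
    print(check_pair(LEFT, RIGHT) or "no findings")
```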

Linus Lindblad

I missed that adding passive interfaces doesn't count against the 4 ospf link limit. Thanks!

What I'm more curious about is the routed vlan over the ISC link, I'm not quite sure what that adds to the mlag configuration as a whole, and in my specific design I already have two uplinks on each switch to the L3 layer, so more redundancy might just complicate things.

Basically from how I figure it, the routed-isc link would be used if none of the other ospf links are available?

Grosjean, Stephane, Employee

I believe it's in the event you lose your local link to the end-system (MLAG side) as well.

Erik Auerswald, Embassador

If one switch of the MLAG pair loses all uplinks, the transfer network across the ISC still connects it to the rest of the network via the other MLAG switch. This is important if only one uplink per MLAG switch is used (I would not recommend using only one uplink per switch).

Linus Lindblad

Ah, so it's just more redundancy. The route-isc link in this example would just provide alternative paths to the L3 environment in case of a fault, and has nothing to do with the actual mlag synchronization?